Is VMware's ESXi illegal in the cloud?

The implications of the lawsuit in Germany charging VMware with copyright infractions.

UPDATE (3/16/2015): VMware-Hellwig Dispute is about Linux kernel code.

In my research regarding the Hellwig-VMware dispute, many signs pointed towards difficulty surrounding copyrights Hellwig asserts in BusyBox, a toolkit widely used in Linux.

I have been corrected: Hellwig apparently maintains that copyrighted code he's written for the Linux Kernel is in VMware product. Appropriating code covered by the GPLv2 license carries mandates to comply with the license, and a compliance problem is the crux of the matter.

Denver Gingerich, FLOSS License Compliance Engineer for the Software Freedom Conservancy, sought to address my blog research, thusly:

1. There are a few claims about what Hellwig wrote that aren't quite right, in particular, "Hellwig and others have written a set of tools called BusyBox. ... Hellwig has a number of copyrights easily seen in the BusyBox versions." Hellwig hasn't written much BusyBox code that I'm aware of. While Conservancy did initially begin our enforcement against VMware because of a BusyBox violation, we then found a violation in the kernel named Linux, where Hellwig has written a substantial amount of code and does hold a large number of copyrights.

2. In general, the article suggests that the lawsuit is about BusyBox. But the lawsuit is actually about the kernel named Linux. It was filed because VMware combines parts of the kernel named Linux with their own proprietary code. I apologize if our FAQ page was unclear in any way, and I will try to add some clarifications there to curtail future misunderstandings. If you have specific suggestions for how to clarify things or if you can give me more details on what might have led to the misunderstanding, I'd be happy to hear them.

I'm not a coder of Hellwig's stature, and my meager code (what little there is) isn't usually licensed, although there's both Creative Commons and GPLv1/2/3 code in the wild. While I personally am inactive in terms of code enforcement, I understand the motivations of coders who want to enforce their licenses and obligations undertaken when their code is reused.

Does this change the nature of whether or not VMware implementers should be nervous? I don't think so. It does, however, remind organizations that the provenance of their code is important, be it free and open source, the variants of licensing methods and what those licenses grant, and the nature of how copyrights work, even and especially in FLOSS code. Despite attempts to obfuscate how code-use procedures under various open source license types is performed, these licenses are much easier to understand than most closed licenses.

And with a tip of the hat, I thank Mr Gingerich for his clarification.

---

Might VMware's ESXi be illegal in the cloud—or anywhere? I asked my VMware contact as a reviewer, and was pointed towards VMware's Official Response, which amounts to: Mea Non Culpa. The GPLv2 is pretty clear, and one wonders what the fallout will be should the German courts find in favor of German developer Christoph Hellwig, the plaintiff in the litigation.

The answer is: should Hellwig win, the problem is likely at the hands of VMware, and no other.

The background is simple (see "VMware sued for alleged GPL license infractions"). Hellwig and others have written a set of tools called BusyBox. They're handy as can be, and have been around a long time. They're licensed under the GPLv2, and Hellwig has a number of copyrights easily seen in the BusyBox versions. He contributes to Linux kernels, too, and if you search through the latest version, 4.0, his name comes up very frequently. He's religious about his copyrights, as far as I can tell. I am not a lawyer and don't give legal advice. I use this stuff.

Hellwig seems to contend, although the complaint is private (by default in German law), that VMware continues to use the code covered by his copyright, in contradiction of his ownership by copyright as exercised under the GPLv2 license Hellwig used. VMware must remove that code, should it be present, and replace it with something else. Replace it with what? The answer is a bit dark, but VMware claims that they're not guilty of the complaint. Indeed, they might not be.

If they did use his code, Hellwig seems to have nexus to complain. From the Software Freedom Conservancy's complaint FAQ, it appears that VMware did indeed have some issues in terms of license compliance, and made some changes to attempt to comply with problems, but for whatever reasons, stopped. Hellwig wants them to finish the job.

Other very visible organizations use legally licensed BusyBox. Some didn't consider their use, made products that used it, were found to be guilty of copyright violation, and then published their code, so as to comply and keep the code openly compliant with the GPLv2. These include companies like Verizon and Cisco.

Many elements of currently successful x86/x64 Type 1 Hypervisors, VMware, Citrix Xen, Virtual Iron, and Hyper-V, are built on the shoulders of early open source coder pioneers. Today, container/sandboxing methods are also rapidly evolving—much more quickly in Linux than any other software. Whether Hellwig will get his due or not remains to be seen—we'll know when it makes its way through the German courts. For now, using VMware isn't risky no matter the outcome, based on the complaint—unless you're a stockholder – and perhaps not for years even if you are one.

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.